This is Mifuko Oy’s description of file and data protection pursuant to the Personal Data Act (sections 10 and 24) and the EU's General Data Protection Regulation (GDPR). Prepared on the 8th of June 2018. Last modified on the 8th of June 2018.
Mifuko Oy, Hämeentie 130 A 00560, Helsinki
2. Contact person in charge of the data file
Minna Impiö, phone number: 050 593 2044
3. Name of data file
Mifuko Oy’s online service user register
4. Legal grounds and purpose of processing personal data
The legal grounds for processing the personal data pursuant to the EU’s General Data Protection Regulation is the customer relationship, the customer’s consent or the exercising of rights and fulfilment of obligations resulting from contracts with the customer and/or applicable legislation.
The personal data are used for:
processing online store orders
managing and developing the customer relationship
identifying and individualisation of the customer in the online service
managing customer data and customer and contact history
communication about services
with the customer’s specific consent, direct marketing
The data are not used for automated decision-making or profiling.
5. Information content of the data file
Our register may contain the following information:
Basic customer data
User account data
online service user ID and encrypted password
login data and history
user account history
online store order history
Information related to the customer relationship
invoicing and delivery data (business ID, address and other contact details)
information about gift purchases and rewards: name, mailing address, delivery address, telephone number and e-mail address of the recipient
online store order history
information about marketing consents/prohibitions
newsletter subscriptions, statistics and sending history
information provided by the customer via the website forms (e.g., product reviews, requests for quotes, brochure orders, feedback and other requests).
6. Regular data sources
The information stored in the register is obtained from the customer, for example via messages submitted by online forms, by e-mail, telephone, social media services, agreements, customer events and other situations where the customer provides their information.
7. Regulatory information disclosure and transfer of information outside the borders of the EU or the EEA
The customer’s data are not disclosed to parties other than Mifuko Oy or third parties authorised by Mifuko Oy. Authorised third parties are: service providers and developers, parties delivering orders and payment service providers. These authorised third parties may use your personal data only for the purposes described in this data protection policy.
In cases where required by law, such as investigating fraud or abuse, information may be disclosed to authorities. We will inform the customer about the data request if it is allowed by law.
The personal data are not transferred outside the EU or the EEA.
8. Retaining information
We retain customers’ personal information only for the time needed for purposes mentioned in this description. In addition, some data may be retained for a longer period if the law requires it for legal obligations:
The Bookkeeping Act defines longer preserving periods for data regardless of the nature of the data
Responsibilities regarding retail trade
If we are not able to delete some data from our systems, we will always inform the customer about it and justify the reason.
9. Register protection principles
The personal data stored in the register are always processed confidentially and carefully. The data is protected with the appropriate technical and administrative measures. The information security of the hardware and software used for storing the personal data is actively monitored and maintained with regular software updates. The information and the service are secured with technical measures, such as firewall, encryption technologies and access rights. The controller ensures that the stored information and the access rights to the servers and other information critical to the security of the personal data are always handled with confidentiality and only by those employees whose job description includes such handling.
10. Right of review and right to request rectification
A person in the register has the right to review the information stored in the register concerning the person and receive copies of it. The person also has the right to request the correction of any errors and supplementing of incomplete information. The above requests must be sent in writing directly to the controller. The requestor must prove his or her identity to prevent abuse. The controller will respond to the customer within the period of time specified in the EU General Data Protection Regulation (primarily within a month).
11. Other rights related to the processing of personal data
A person whose information is stored in the register has the right to request the deletion of information concerning the person from the register (“the right to be forgotten”). Furthermore, the data subject has the right to request the restriction of the processing of the data in certain situations, such as use of data for direct marketing. The requests must be sent in writing to the controller.
If you notice any deficiency in the processing or you think it is against the law, you have the right to make a complaint to data protection officials.
Deleting and preventing cookies
If you want, you can delete existing cookies with your browser or prevent them altogether, for example by using the site in a private browsing mode (also known as Incognito). Some of the site features, such as creating a user account and logging in and placing orders in the online store require that you have cookies enabled to work.
Types of cookies
Our site uses various types of cookies:
1) Session-specific cookies
Stored in the memory while the browser is open but destroyed immediately when the browser is closed. Session cookies are used for storing only technical information regarding the browser’s settings, ensuring that the site works in different browser environments. No user-identifying data is stored in session-specific cookies.
2) Tracking cookies
Tracking cookies persist in the browser’s memory even after the browser is closed. Tracking cookies are only stored for users who wish to log into the site or add products to the basket. Tracking cookies are the technical means of enabling registration and logging in. The cookies store information about the time and duration of the login. The basket cookie allows the browser to remember the products added to the basket.
3) Google tracking cookies
Our website uses the Google Analytics tool for analysing website use and to enable further website development. These cookies store anonymous basic data regarding the users’ online behaviour. The data stored in the cookies is transferred to Google. According to the terms of Google Analytics, Google will not combine the IP addresses of data subjects with any other data stored in Google. For more information on cookies stored by Google, see https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage You can prevent the use of Google Analytics cookies by downloading and enabling the Google Analytics Opt-out Browser Add-on in your browser.